AlloyDB for PostgreSQL roles and permissions

This page lists the IAM roles and permissions for AlloyDB for PostgreSQL. Tosearch through all roles and permissions, see therole andpermission index.

AlloyDB for PostgreSQL roles

Role Permissions

Role	Permissions
AlloyDB Admin (`roles/alloydb.admin`) Full access to AlloyDB all resources.	`alloydb.` `alloydb.backups.create` `alloydb.backups.createTagBinding` `alloydb.backups.delete` `alloydb.backups.deleteTagBinding` `alloydb.backups.get` `alloydb.backups.list` `alloydb.backups.listEffectiveTags` `alloydb.backups.listTagBindings` `alloydb.backups.update` `alloydb.clusters.create` `alloydb.clusters.createTagBinding` `alloydb.clusters.delete` `alloydb.clusters.deleteTagBinding` `alloydb.clusters.export` `alloydb.clusters.generateClientCertificate` `alloydb.clusters.get` `alloydb.clusters.import` `alloydb.clusters.list` `alloydb.clusters.listEffectiveTags` `alloydb.clusters.listTagBindings` `alloydb.clusters.promote` `alloydb.clusters.switchover` `alloydb.clusters.update` `alloydb.clusters.upgrade` `alloydb.databases.create` `alloydb.databases.get` `alloydb.databases.list` `alloydb.instances.connect` `alloydb.instances.create` `alloydb.instances.delete` `alloydb.instances.executeSql` `alloydb.instances.failover` `alloydb.instances.get` `alloydb.instances.injectFault` `alloydb.instances.list` `alloydb.instances.restart` `alloydb.instances.update` `alloydb.locations.get` `alloydb.locations.list` `alloydb.operations.cancel` `alloydb.operations.delete` `alloydb.operations.get` `alloydb.operations.list` `alloydb.supportedDatabaseFlags.get` `alloydb.supportedDatabaseFlags.list` `alloydb.users.create` `alloydb.users.delete` `alloydb.users.get` `alloydb.users.list` `alloydb.users.login` `alloydb.users.update` `backupdr.backupPlanAssociations.createForAlloydbCluster` `backupdr.backupPlanAssociations.deleteForAlloydbCluster` `backupdr.backupPlanAssociations.fetchForAlloydbCluster` `backupdr.backupPlanAssociations.getForAlloydbCluster` `backupdr.backupPlanAssociations.triggerBackupForAlloydbCluster` `backupdr.backupPlanAssociations.updateForAlloydbCluster` `backupdr.backupPlans.get` `backupdr.backupPlans.list` `backupdr.backupPlans.useForAlloydbCluster` `backupdr.backupVaults.get` `backupdr.backupVaults.list` `backupdr.bvbackups.useReadOnlyForAlloydbCluster` `backupdr.bvdataSources.useReadOnlyForAlloydbCluster` `backupdr.dataSourceReferences.fetchForAlloydbCluster` `backupdr.dataSourceReferences.getForAlloydbCluster` `backupdr.locations.list` `backupdr.operations.get` `backupdr.serviceConfig.initialize` `cloudaicompanion.entitlements.get` `cloudkms.keyHandles.` `cloudkms.keyHandles.create` `cloudkms.keyHandles.get` `cloudkms.keyHandles.list` `cloudkms.operations.get` `cloudkms.projects.showEffectiveAutokeyConfig` `databasesconsole.locations.` `databasesconsole.locations.get` `databasesconsole.locations.list` `databasesconsole.studioQueries.` `databasesconsole.studioQueries.create` `databasesconsole.studioQueries.delete` `databasesconsole.studioQueries.get` `databasesconsole.studioQueries.list` `databasesconsole.studioQueries.search` `databasesconsole.studioQueries.update` `recommender.alloydbClusterPerformanceInsights.` `recommender.alloydbClusterPerformanceInsights.get` `recommender.alloydbClusterPerformanceInsights.list` `recommender.alloydbClusterPerformanceInsights.update` `recommender.alloydbClusterPerformanceRecommendations.` `recommender.alloydbClusterPerformanceRecommendations.get` `recommender.alloydbClusterPerformanceRecommendations.list` `recommender.alloydbClusterPerformanceRecommendations.update` `recommender.alloydbClusterReliabilityInsights.` `recommender.alloydbClusterReliabilityInsights.get` `recommender.alloydbClusterReliabilityInsights.list` `recommender.alloydbClusterReliabilityInsights.update` `recommender.alloydbClusterReliabilityRecommendations.` `recommender.alloydbClusterReliabilityRecommendations.get` `recommender.alloydbClusterReliabilityRecommendations.list` `recommender.alloydbClusterReliabilityRecommendations.update` `recommender.alloydbInstanceSecurityInsights.` `recommender.alloydbInstanceSecurityInsights.get` `recommender.alloydbInstanceSecurityInsights.list` `recommender.alloydbInstanceSecurityInsights.update` `recommender.alloydbInstanceSecurityRecommendations.` `recommender.alloydbInstanceSecurityRecommendations.get` `recommender.alloydbInstanceSecurityRecommendations.list` `recommender.alloydbInstanceSecurityRecommendations.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
AlloyDB Client (`roles/alloydb.client`) Connectivity access to AlloyDB instances.	`alloydb.clusters.generateClientCertificate` `alloydb.clusters.get` `alloydb.instances.connect` `alloydb.instances.get` `monitoring.timeSeries.create` `resourcemanager.projects.get` `resourcemanager.projects.list`
AlloyDB Database User (`roles/alloydb.databaseUser`) Role allowing access to login as a database user.	`alloydb.clusters.get` `alloydb.instances.executeSql` `alloydb.instances.get` `alloydb.users.login` `databasesconsole.locations.*` `databasesconsole.locations.get` `databasesconsole.locations.list` `databasesconsole.studioQueries.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
AlloyDB Service Agent (`roles/alloydb.serviceAgent`) Gives the AlloyDB service account permission to manage customer resources Warning: Do not grant service agent roles to any principals except service agents.	`alloydb.clusters.list`
AlloyDB Viewer (`roles/alloydb.viewer`) Read-only access to AlloyDB all resources.	`alloydb.backups.get` `alloydb.backups.list` `alloydb.backups.listEffectiveTags` `alloydb.backups.listTagBindings` `alloydb.clusters.export` `alloydb.clusters.get` `alloydb.clusters.list` `alloydb.clusters.listEffectiveTags` `alloydb.clusters.listTagBindings` `alloydb.databases.get` `alloydb.databases.list` `alloydb.instances.get` `alloydb.instances.list` `alloydb.locations.` `alloydb.locations.get` `alloydb.locations.list` `alloydb.operations.get` `alloydb.operations.list` `alloydb.supportedDatabaseFlags.` `alloydb.supportedDatabaseFlags.get` `alloydb.supportedDatabaseFlags.list` `alloydb.users.get` `alloydb.users.list` `cloudaicompanion.entitlements.get` `recommender.alloydbClusterPerformanceInsights.get` `recommender.alloydbClusterPerformanceInsights.list` `recommender.alloydbClusterPerformanceRecommendations.get` `recommender.alloydbClusterPerformanceRecommendations.list` `recommender.alloydbClusterReliabilityInsights.get` `recommender.alloydbClusterReliabilityInsights.list` `recommender.alloydbClusterReliabilityRecommendations.get` `recommender.alloydbClusterReliabilityRecommendations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

AlloyDB Admin

(roles/alloydb.admin)

Full access to AlloyDB all resources.

alloydb.*

alloydb.backups.create
alloydb.backups.createTagBinding
alloydb.backups.delete
alloydb.backups.deleteTagBinding
alloydb.backups.get
alloydb.backups.list
alloydb.backups.listEffectiveTags
alloydb.backups.listTagBindings
alloydb.backups.update
alloydb.clusters.create
alloydb.clusters.createTagBinding
alloydb.clusters.delete
alloydb.clusters.deleteTagBinding
alloydb.clusters.export
alloydb.clusters.generateClientCertificate
alloydb.clusters.get
alloydb.clusters.import
alloydb.clusters.list
alloydb.clusters.listEffectiveTags
alloydb.clusters.listTagBindings
alloydb.clusters.promote
alloydb.clusters.switchover
alloydb.clusters.update
alloydb.clusters.upgrade
alloydb.databases.create
alloydb.databases.get
alloydb.databases.list
alloydb.instances.connect
alloydb.instances.create
alloydb.instances.delete
alloydb.instances.executeSql
alloydb.instances.failover
alloydb.instances.get
alloydb.instances.injectFault
alloydb.instances.list
alloydb.instances.restart
alloydb.instances.update
alloydb.locations.get
alloydb.locations.list
alloydb.operations.cancel
alloydb.operations.delete
alloydb.operations.get
alloydb.operations.list
alloydb.supportedDatabaseFlags.get
alloydb.supportedDatabaseFlags.list
alloydb.users.create
alloydb.users.delete
alloydb.users.get
alloydb.users.list
alloydb.users.login
alloydb.users.update

backupdr.backupPlanAssociations.createForAlloydbCluster

backupdr.backupPlanAssociations.deleteForAlloydbCluster

backupdr.backupPlanAssociations.fetchForAlloydbCluster

backupdr.backupPlanAssociations.getForAlloydbCluster

backupdr.backupPlanAssociations.triggerBackupForAlloydbCluster

backupdr.backupPlanAssociations.updateForAlloydbCluster

backupdr.backupPlans.get

backupdr.backupPlans.list

backupdr.backupPlans.useForAlloydbCluster

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.bvbackups.useReadOnlyForAlloydbCluster

backupdr.bvdataSources.useReadOnlyForAlloydbCluster

backupdr.dataSourceReferences.fetchForAlloydbCluster

backupdr.dataSourceReferences.getForAlloydbCluster

backupdr.locations.list

backupdr.operations.get

backupdr.serviceConfig.initialize

cloudaicompanion.entitlements.get

cloudkms.keyHandles.*

cloudkms.keyHandles.create
cloudkms.keyHandles.get
cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

databasesconsole.locations.*

databasesconsole.locations.get
databasesconsole.locations.list

databasesconsole.studioQueries.*

databasesconsole.studioQueries.create
databasesconsole.studioQueries.delete
databasesconsole.studioQueries.get
databasesconsole.studioQueries.list
databasesconsole.studioQueries.search
databasesconsole.studioQueries.update

recommender.alloydbClusterPerformanceInsights.*

recommender.alloydbClusterPerformanceInsights.get
recommender.alloydbClusterPerformanceInsights.list
recommender.alloydbClusterPerformanceInsights.update

recommender.alloydbClusterPerformanceRecommendations.*

recommender.alloydbClusterPerformanceRecommendations.get
recommender.alloydbClusterPerformanceRecommendations.list
recommender.alloydbClusterPerformanceRecommendations.update

recommender.alloydbClusterReliabilityInsights.*

recommender.alloydbClusterReliabilityInsights.get
recommender.alloydbClusterReliabilityInsights.list
recommender.alloydbClusterReliabilityInsights.update

recommender.alloydbClusterReliabilityRecommendations.*

recommender.alloydbClusterReliabilityRecommendations.get
recommender.alloydbClusterReliabilityRecommendations.list
recommender.alloydbClusterReliabilityRecommendations.update

recommender.alloydbInstanceSecurityInsights.*

recommender.alloydbInstanceSecurityInsights.get
recommender.alloydbInstanceSecurityInsights.list
recommender.alloydbInstanceSecurityInsights.update

recommender.alloydbInstanceSecurityRecommendations.*

recommender.alloydbInstanceSecurityRecommendations.get
recommender.alloydbInstanceSecurityRecommendations.list
recommender.alloydbInstanceSecurityRecommendations.update

resourcemanager.projects.get

resourcemanager.projects.list

AlloyDB Client

(roles/alloydb.client)

Connectivity access to AlloyDB instances.

alloydb.clusters.generateClientCertificate

alloydb.clusters.get

alloydb.instances.connect

alloydb.instances.get

monitoring.timeSeries.create

resourcemanager.projects.get

resourcemanager.projects.list

AlloyDB Database User

(roles/alloydb.databaseUser)

Role allowing access to login as a database user.

alloydb.clusters.get

alloydb.instances.executeSql

alloydb.instances.get

alloydb.users.login

databasesconsole.locations.*

databasesconsole.locations.get
databasesconsole.locations.list

databasesconsole.studioQueries.search

resourcemanager.projects.get

resourcemanager.projects.list

AlloyDB Service Agent

(roles/alloydb.serviceAgent)

Gives the AlloyDB service account permission to manage customer resources

Warning: Do not grant service agent roles to any principals except service agents.

alloydb.clusters.list

AlloyDB Viewer

(roles/alloydb.viewer)

Read-only access to AlloyDB all resources.

alloydb.backups.get

alloydb.backups.list

alloydb.backups.listEffectiveTags

alloydb.backups.listTagBindings

alloydb.clusters.export

alloydb.clusters.get

alloydb.clusters.list

alloydb.clusters.listEffectiveTags

alloydb.clusters.listTagBindings

alloydb.databases.get

alloydb.databases.list

alloydb.instances.get

alloydb.instances.list

alloydb.locations.*

alloydb.locations.get
alloydb.locations.list

alloydb.operations.get

alloydb.operations.list

alloydb.supportedDatabaseFlags.*

alloydb.supportedDatabaseFlags.get
alloydb.supportedDatabaseFlags.list

alloydb.users.get

alloydb.users.list

cloudaicompanion.entitlements.get

recommender.alloydbClusterPerformanceInsights.get

recommender.alloydbClusterPerformanceInsights.list

recommender.alloydbClusterPerformanceRecommendations.get

recommender.alloydbClusterPerformanceRecommendations.list

recommender.alloydbClusterReliabilityInsights.get

recommender.alloydbClusterReliabilityInsights.list

recommender.alloydbClusterReliabilityRecommendations.get

recommender.alloydbClusterReliabilityRecommendations.list

resourcemanager.projects.get

resourcemanager.projects.list

AlloyDB for PostgreSQL permissions

Permission	Included in roles
`alloydb.backups.create`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`alloydb.backups.createTagBinding`	Owner (`roles/owner`) AlloyDB Admin (`roles/alloydb.admin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Tag User (`roles/resourcemanager.tagUser`)
`alloydb.backups.delete`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`alloydb.backups.deleteTagBinding`	Owner (`roles/owner`) AlloyDB Admin (`roles/alloydb.admin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Tag User (`roles/resourcemanager.tagUser`)
`alloydb.backups.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Support User (`roles/iam.supportUser`)
`alloydb.backups.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`alloydb.backups.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`)
`alloydb.backups.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`)
`alloydb.backups.update`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`alloydb.clusters.create`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.clusters.createTagBinding`	Owner (`roles/owner`) AlloyDB Admin (`roles/alloydb.admin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Tag User (`roles/resourcemanager.tagUser`)
`alloydb.clusters.delete`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.clusters.deleteTagBinding`	Owner (`roles/owner`) AlloyDB Admin (`roles/alloydb.admin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Tag User (`roles/resourcemanager.tagUser`)
`alloydb.clusters.export`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`)
`alloydb.clusters.generateClientCertificate`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Client (`roles/alloydb.client`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.clusters.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Client (`roles/alloydb.client`) AlloyDB Database User (`roles/alloydb.databaseUser`) AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.clusters.import`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`alloydb.clusters.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`) AlloyDB Service Agent (`roles/alloydb.serviceAgent`)
`alloydb.clusters.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`)
`alloydb.clusters.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`)
`alloydb.clusters.promote`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`alloydb.clusters.switchover`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`alloydb.clusters.update`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.clusters.upgrade`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`alloydb.databases.create`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`alloydb.databases.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Support User (`roles/iam.supportUser`)
`alloydb.databases.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`)
`alloydb.instances.connect`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Client (`roles/alloydb.client`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.instances.create`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.instances.delete`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.instances.executeSql`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Database User (`roles/alloydb.databaseUser`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.instances.failover`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`alloydb.instances.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Client (`roles/alloydb.client`) AlloyDB Database User (`roles/alloydb.databaseUser`) AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.instances.injectFault`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`alloydb.instances.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.instances.restart`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`alloydb.instances.update`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Support User (`roles/iam.supportUser`)
`alloydb.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`alloydb.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`alloydb.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`alloydb.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`)
`alloydb.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.supportedDatabaseFlags.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Support User (`roles/iam.supportUser`)
`alloydb.supportedDatabaseFlags.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`alloydb.users.create`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`alloydb.users.delete`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`alloydb.users.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Support User (`roles/iam.supportUser`)
`alloydb.users.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`alloydb.users.login`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) AlloyDB Database User (`roles/alloydb.databaseUser`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.users.update`	Owner (`roles/owner`) Editor (`roles/editor`) AlloyDB Admin (`roles/alloydb.admin`) Databases Admin (`roles/iam.databasesAdmin`)

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-15 UTC.

Movatterモバイル変換

AlloyDB for PostgreSQL roles and permissions Stay organized with collections Save and categorize content based on your preferences.